Confidentiality of Personal Information

The California State University (CSU) has responsibility to protect sensitive personal data and maintain confidentiality of that data under the Information Practices Act (IPA), Title 5, and the Family Educational Rights and Privacy Act (FERPA). Personal data includes (and not limited to) the following:

Social Security Number (SSN)

Date of Birth (DOB)

Home Address

Home Phone Number

Physical Description

Medical History

Gender and Ethnicity

The Office of the Chancellor issued coded memorandum (HR2002-27 and HR2003-5) detailing the CSU's requirements for protecting confidential data. Additionally, the Office of General Counsel for the CSU issues and maintains a Records Access Manual, which provides an overview of federal and state law governing access to records possessed by the CSU.

FERPA affords student certain rights with respect to their education record, one of which is the right to consent to the disclosure of personally identifiable information except to the extent that FERPA authorizes disclosure without consent.

CSUSB requires all employees who have been determined to have a need for access to confidential personal information complete a Confidentiality & Compliance Form. This form is filed in the Human Resources Department. It is the responsibility of each department manager to ensure that forms are completed by their employees and returned to Human Resources.

Further information on these state and federal laws as well as CSUSB's policies, can be obtained at the following web site locations:

Information Practices Act of 1977

To assist employees in understanding the IPA and to prevent inappropriate disclosure of information, below is a summary of key components:

General Provisions and Legislative Findings

The right to privacy is a personal and fundamental right protected by Section 1 of Article I of the Constitution of California and by the United States Constitution. All individuals have a right of privacy in information pertaining to them. The California's Legislature has found that:

The right to privacy is being threatened by the indiscriminate collection, maintenance, and dissemination of personal information and the lack of effective laws and legal remedies.

The increasing use of computers and other sophisticated information technology has greatly magnified the potential risk to individual privacy that can occur from the maintenance of personal information.

In order to protect the privacy of individuals, it is necessary that the maintenance and dissemination of personal information be subject to strict limits.

Definitions

The term "personal information" means any information maintained by the campus that identifies or describes an individual, including, but not limited to: his or her name, social security number, physical description, home address, home telephone number, education, financial matters, and medical or employment history. It includes statements made by, or attributed to, the individual.

The term "disclose" means to disclose, release, transfer, disseminate or otherwise communicate all or any part of any record, orally, in writing, or by electronic or any other means to any person or entity.

Penalties

"The intentional violation of any provision of this chapter or any rules or regulations adopted there under by an employee of any campus shall constitute a cause for discipline, including termination of employment."

Any person who willfully requests or obtains any record containing personal information from a campus under false pretenses shall be guilty of a misdemeanor or fined not more than five thousand dollars ($5,000), or imprisoned not more than one year, or both.